[clug] Linux Security
Alex Satrapa
grail at goldweb.com.au
Fri Oct 10 00:18:41 GMT 2008
On 09/10/2008, at 18:37 , steve jenkin wrote:
> Picking up an old thread, I was wondering how people provide (local)
> email access for 'global travellers'.
One solution will provide you with the means to send/receive email
both locally and remotely, without having to set up any extra fiddly
bits that are bound to break while out in the field.
> Is this solved with just TLS/SSL + user login (and I get busy reading)
Exactly.
You set the TLS + login option on your SMTP and IMAP server once. You
reconfigure every laptop to use TLS for both sending and receiving
email, all the time. Then everything "just works" from there onwards.
No need to train people to use VPN software, no need to figure out
how many ways the VPN software can break when actually being used, etc.
The hardest part is figuring out whether the mail client can be told
to remember your self-signed certificate, or will the user have to
keep clicking the "continue anyway" button every time they launch
their email client or check for new messages?
Since you're going to make TLS + login the default connection method
for this client's entire email experience, there will be no surprises
apart from having to change firewall rules. All this is set-and-
forget from the user's perspective. There is no reason for the
enduser to have to learn to use VPN software unless they desperately
need to be able to show off flashy features to their high powered
executive friends.
Alex
nitpick: please remember to trim unnecessary material when quoting
old messages.
More information about the linux
mailing list